1. Field of the Invention
The present invention relates to an information processing system, an information processing device, and an authentication method.
2. Description of the Related Art
In recent years, attention has been directed to cloud computing technology, which is a form of providing services from a server to a client. In cloud computing, many computing resources are used to execute data processing and to process a request from a client. Many vendors provide various services by implementing a web service in a cloud computing environment that realizes cloud computing as described above (see e.g., Japanese Laid-Open Patent Publication No. 2012-226700).
The user may need to perform multiple authentication operations in order to use various services provided by cloud computing. Note that Single Sign-On (SSO) is known as a technology for reducing the load on the user when performing authentication. By using Single Sign-On, once the user completes a sign-on (login) operation, i.e., once the user is authenticated, the user does not have to execute another sign-on operation with respect to another service (see e.g., Japanese Laid-Open Patent Publication No. 2006-31714).
Single Sign-On is an authentication method that involves utilizing a common authentication base for a plurality of services such that once authentication is performed with respect to one service, authentication may be omitted with respect to other services. To implement Single Sign-On, a trust relationship must be established beforehand between an IdP (Identity Provider) that provides authentication/authorization information and an SP (Service Provider) that provides services to a client according to authentication/authorization information issued by the IdP. Such a trust relationship between an IdP and an SP is referred to as a “trust circle”. A user that is authenticated at the IdP is able to forgo authentication at an SP that has established a trust relationship with the IdP beforehand (i.e., an SP that belongs to the same trust circle).
Services of an IdP that are provided by cloud computing may be used by a plurality of organizations. The SPs belonging to a trust circle may vary from one organization to another. However, a conventional IdP lacks the means to accommodate such a variation.
Accordingly, there is a demand for a technique for enhancing flexibility in establishing a trust relationship for authentication.